With the advent of the free use policy of the microwave frequency of 2.4 GHz, several companies set out to develop a means to connect computers to central hubs within single or multiple facilities. As a result, wireless local area networks became very popular within select segments of the economy.
However, wireless equipment was designed to service private LANs and the need to extrapolate to wide area networks has led to the manifestation of several limitations. In particular, the 2.4 GHz frequency solution has lagged behind wired connections in terms of speed and volume of transmissions since its inception. It has also been discovered that water has a significant impact on transmissions of the 2.4 GHz spectrum. With this in mind, it is no surprise that the foliage of trees can attenuate signal strength to unacceptable levels. Additional concerns have been raised regarding routing efficiency, public domain access control, bandwidth control, data interception, and basic security.
In reaction to these limitations, companies have recently developed wireless equipment that is capable of speeds up to 11 Mbps but have been unable to address the control issues listed above. Of particular importance is security.
One form of security provided that the security information be held confidential and released to authorized users only, in the form of the network name. However, the wide dissemination of the network name makes security in public domains virtually impossible. The next generation security method employed MAC filtering. MAC filtering also proves of little consequence in a public domain because of the basic premise of an open wireless system. Traffic on a wireless system is not logically separated between nodes. Therefore, message traffic may be sniffed and decoded. MAC address spoofing is a common hacker method of creating aliases. Furthermore, the MAC address filtering occurs on the connection point to the wireless equipment. This poses two threats.
First, the user can connect to the node. Once connected to the node, network traffic may be passed to other users on the node. Moreover, if any user has established a proxy server on an authorized connection, the invalid MAC address may pass through the open proxy. This step can be done with or without knowledge of the user with the proxy.
Second, although theft of service is simple with MAC addressing, another fundamental security issue arises regarding access control. In conventional wireless equipment, the MAC address filtering occurs at the connection point. The connection point typically contains approximately 400 to 500 available MAC address filters. This theory of limited MAC addresses is good for stationary customers but is very limiting on roaming customers. Without placing every customer on every connection point, mobile use is impossible.
A central MAC server could alleviate this problem, but would create the environment for an alternative security breach resulting from the clear text passage of authorized MAC addresses.
In an attempt to address the limitations of MAC addressing, vendors have provided RADIUS-like solutions for MAC addressing. However, RADIUS creates a severe problem for mobility at the socket layer for the network. The user will experience short interruptions in service as they transition towers. This is fine for some forms of Internet traffic, like FTP, but Simple Mail Transfer Protocol (SMTP) and streaming video/audio are adversely affected and will lead to service interruptions.
Additionally, Wired Equivalent Protocol (WEP) is used as a security feature for precluding the interception of traffic. This protocol is of little use in a public domain. WEP is a common key code solution that allows the user to store the encryption key in clear text in the user computer. It is a very simple process to extract this key code from one computer to another in a public domain. In a private setting this code control is an operational security measure that will result in an efficient means of security. However, this operational security is not feasible in the public sector. WEP also places 40 percent of overhead into the network, greatly reducing the effective bandwidth available to customers.
Finally, with all these items addressed, there still resides the problem of routing the entire network. Today's routing logic only addresses 3 to 5 bridge layers in any given data network. Properly building out a location requires many more than 3 to 5 connection points within a city. Solving the WPDWAN requires a wireless router on critical nodes.
But even with the routing layer solved, the inevitable out point arises with mobile customers. In today's network design each computer connected to the network requires an IP address. That address is assigned when the first communication of authentication is completed. We can assume that the network will not be on a contiguous network with all connection points leading to one out point. This design is neither logistically feasible on a large scale nor is it a functionally redundant design. Networks are designed to physically segment networks for redundancy. When that is completed, the network has border routing involved that transports information from the LAN to the Internet. The border router has a logical segment of addresses that it routinely routes. However, mobile IP is not typically included in this method because to date most LANs have been static in nature. The IP address can be assigned through DHCP or assigned as static. In either case that IP is assigned to the logical and physical segment in which it was assigned. In order to route in another segment area, the IP address must be reassigned. If this scenario is used, then static IP addressing is no longer an option. However, if the border routers broadcast all border routes, it is possible to carry IP addresses from one physical border segment into another border segment. In that scenario both DHCP and static IP addressing are functional solutions. This method can be accomplished using Border Gateway Protocol (BGP). However, this solution requires that the wireless connection and route be one layer removed from the border router. Hence a WPDWAN with mobile solution cannot be accomplished without BGP and a multi-point wireless router.
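The roaming problem described above can be modeled with a small routing table, shown here as an added example that is not part of the original text. It represents the exchange of border routes as host (/32) routes resolved by longest-prefix match, which is a simplification of what BGP would carry; the border names and the 10.x prefixes are constructed for illustration.

```python
import ipaddress

# Constructed topology: two border segments, each originating one prefix.
SEGMENT_PREFIXES = {
    "border-A": ipaddress.ip_network("10.1.0.0/16"),
    "border-B": ipaddress.ip_network("10.2.0.0/16"),
}


def build_table(host_routes=None):
    """Return the (network, next_hop) routes known to every border router.

    host_routes maps a roaming host address to the border router currently
    serving it; these model the extra routes exchanged between borders.
    """
    table = [(net, border) for border, net in SEGMENT_PREFIXES.items()]
    for addr, border in (host_routes or {}).items():
        table.append((ipaddress.ip_network(f"{addr}/32"), border))
    return table


def lookup(table, addr):
    """Longest-prefix match: the most specific covering route wins."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, hop) for net, hop in table if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def delivered(table, addr, attached_to):
    """Traffic reaches the host only if routing points at its current segment."""
    return lookup(table, addr) == attached_to


if __name__ == "__main__":
    host = "10.1.0.25"  # address assigned (DHCP or static) in segment A
    segment_only = build_table()
    print("at home:", delivered(segment_only, host, "border-A"))
    print("roamed, no route exchange:", delivered(segment_only, host, "border-B"))
    shared = build_table({host: "border-B"})
    print("roamed, routes exchanged:", delivered(shared, host, "border-B"))
```

Without the host route, traffic for the roamed address is still sent to its original segment, which is why the address would otherwise have to be reassigned.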
Physical segments will naturally be created in the build out of a cellular network that will coincide with a logical separation of routing paths. It is conceivable that each customer would receive his or her own static IP. This method is used in Europe. However, that process is cumbersome, logistically difficult to handle, and a waste of resources. DHCP is the alternative to distribute IP addresses to those users that are online and using the service. Under the auspices of DHCP submission it now becomes difficult to manage IP addresses as users pass from one physical segment to another. However, there is a dynamic network solution not innate to any operating system but developed by a third party that can dynamically shift these addresses to work between the physical and logical segmentation. Furthermore, this same system offers directory services ability, giving the network engineer the ability to control access at different locations with different bandwidth and rates of service.
To date, high bandwidth wireless providers have attempted to provide everything from licensed frequencies to optical transports. Many of these products have not taken hold in a wired world. The expenses associated with licensed frequencies make it difficult to build out large infrastructures. The optical solutions must have direct line of sight and have proved difficult to route the network.
Wired networks today address all of these issues. Network management is passed through secure channels logically separated from user traffic to prevent administrative sniffing. Furthermore, authentication is completed using RADIUS demanding a username and password, which is done at a central server as opposed to endpoint connections. Therefore, updates to directory structures and routing solutions are solved when the user authenticates. In a wired network there is no need for mobile IP and the requirements for BGP are limited to redundancy issues.
Therefore, there is an existing need for a next generation of wired-like network solution to address the wireless communication challenges of today's public domain wide area networks.